SCADA systems 


Introduction 


SCADA : 

“Supervisory Control And Data Acquisition” 

A type of Industrial Control System (ICS) that is used 
to monitor & remotely control critical industrial 
processes. 



Why the emphasis on SCADA ? 


SCADA supports Critical Infrastructures of a 
nation e.g. 

▼ Electrical Power Grids 
Oil & Gas pipelines 

* Refineries and chemical plants 

* Water and wastewater systems 
v Manufacturing operations 



SCADA components 


1. Field Instrumentation 

e.g. CT, PT, RTU, PLC 

2. Communication Network 

e.g. Cable, PLCC, Wideband, GPRS 

3. Control Center 


e.g. SLDC, Master SCADA 



SCADA components 
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SCADA components 


[1] .Field Instrumentation: 

• Collects all info of the system & transport to the 
control center. 

• Installed @ Field Station 

• Collects info by CTs, PTs, Transducer, 
RTUs(Remote Terminal Unit), IEDs( Intelligent 
Electronic Devices) 



SCADA components 


[ 11 .Field Instrumentation: 


Types of info associated in a power system - 


Digital Information 

Breaker Status 
Isolator Status 


Analog Information 


V oltage 
Current 
Frequency 
Power Factor 



SCADA components 


[2] . Communication Network; 

• Dedicated Telephone Lines 

• PLCC (Power Line Carrier Communication) 

• VHF (Very High Frequency) 

• Microwave 

• GPRS (General Pocket Radio Service) 

• Optical Fibre 



SCADA components 


[3]. Control Centre: 

• Front End System- Interface between RTU & master 
SCADA 

• Data Base 

• HMI (Human-Machine Interface) 

• LAN 

• Peripheral 



SCADA components 


[3] . Control Centre; 

Control Strategy : Key Priorities 

• Balance generation & demand (dispatching) 

• Monitor flows and observe system limits 

• Coordinate maintenance activities 

• Protect equipment from damage 



SCADA architecture 


First Generation 
Second Generation 
Third Generation 


- Monolithic 

- Distributed 

- Networked 



SCADA architecture 


First Generation - Monolithic 




SCADA architecture 


Second Generation - Distributed 




SCADA architecture 


Third Generation - Networked 




SCADA Master 


Wide Area 
Network (WAN) 


Communications 


Networked Remote 
Terminal Unit 



Functions of SCADA system 


Information Display 

Supervisory Control 

Alarm Processing & Tagging 

Information Storage & Reports 

Data Calculation 

Special RTU Processing Control 



Information Display 
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Alarm Processing & Tagging 
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Information Storage & Reports 
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Recording 

Disposition Message: 


Filename 


Historical Oat a Recording 

SC ADA 


Help 


Files. 


Present. Status: 


Active 


RECORDING FILE DIRECTORY 


Start. Time 


End Time 


Status 


3Q Start | V£ 


HDR$_EMFTY_2 1 56_1 4_1 .BO 1 

HDR._Q709 1 0_2 156 11 0.B01 


10 — SEP — 2 007 

21: 56 : 11 

10 — SEP — 2 007 

22:05:23 

Empty 

Recording 

I TOR 0709 1 0..2 1 44_44_8 .BO 1 


lO — SEP — 2 007 

21:44:44 

lO — SEP — 2 007 

21: 56:09 

Backed 

Up 

HDR.JQ709 1 0_2 1 33_1 S_6 .BO 1 


10 — SEP — 2 007 

2 1 : 33 : 18 

10 — SEP — 2 007 

2 1 : 44 : 42 

Backed 

Up 

HDR _0709 1 0_2 121 _54_4 .BO 1 


lO — SEP — 2 007 

2 1:21: 54 

lO — SEP — 2 007 

21:33: 16 

Backed 

Up 

HDR 0709 1 0_2 1 1 1 _1 9 2 ,B0 1 


1 0 — SEP 2 007 

2 1 : 11 : 13 

10 — SEP — 2 007 

2 1:21: 52 

Backed 

Up 

HDR 0709 1 G_2 1 00_0 1 0 .B0 1 


lO — SEP — 2 007 

21:00:01 

lO — SEP — 2 007 

2 1: 11 : 17 

Backed 

Up 

HDR _0709 1 0_204S_25_S .B0 1 


10 — SEP — 2 007 

20:48:25 

10 — SEP — 2 007 

20 : 59 : 59 

Backed 

Up 

HDR _0709 1 0_2036_56_6 .B0 1 


10 — SEP — 2 007 

20:36: 56 

10 — SEP — 2 007 

20:48:23 

Backed 

Up 

HDR 0709 1 0_2025_4S_4 .B0 1 


10 — SEP — 2 007 

20:25:48 

10 — SEP — 2 007 

20:36: 54 

Backed 

Up 

HDR 0709 1 0_20 1 4_3S_2 .B0 1 


10 — SEP — 2 007 

20 : 14:38 

1 0 — SEP —2007 

20:25:46 

Backed 

Up 

HDR _0709 1 0_2003_39_0 .B0 1 


10 — SEP — 2 007 

20:03:39 

10 — SEP — 2 007 

20 : 14:36 

Backed 

Up 

HDR _G709 1 0_1 952_31 _S .B0 1 


10 — SEP — 2 007 

19 : 52 : 3 1 

10 — SEP — 2 007 

20:03:37 

Backed 

Up 

HDR _0709 1 0 1 941 30 0 .B0 1 


10— SEP 2007 

19:41: 30 

10 — SEP — 2 007 

13 : 52 : 29 

Backed 

Up 

HDR.J0709 1 0_1 930 _Q2_4 .B0 1 


10 — SEP — 2 007 

19:30: 02 

10 — SEP — 2 007 

19:41: 20 

Backed 

Up 

HDR_0709 1 0_1 9 1 S_30_2 .B0 1 


lO — SEP — 2 007 

19 : 18:30 

lO — SEP — 2 007 

19:30:00 

Backed 

Up 

HDR _0709 1 0_1 907_45_0 .B0 1 


10 — SEP — 2 007 

19:07: 45 

10 — SEP — 2 007 

19 : 18 : 28 

Backed 

Up 

HDR _0709 1 0_1 856_55_3 .B0 1 


lO — SEP — 2 007 

18 : 56 : 55 

lO — SEP — 2 007 

19:07: 43 

Backed 

Up 

HDR 0709 1 0_1 S45_00j6 .B0 1 


10 — SEP — 2 007 

10:45: OO 

10 — SEP — 2 007 

18:56: 53 

Backed 

Up 

HDR_0709 1 0_1 833_28_4 .B0 1 


lO — SEP — 2 007 

10:33:28 

lO-SEP— 2007 

18:44: 50 

Backed 

Up 

HDR _0709 1 0_1 822_1 9_2 .B0 1 


10 — SEP — 2 007 

18:22: 19 

10 — SEP — 2 007 

18:33:26 

Backed 

Up 

HDR _0709 1 0_1 811 _47_0 .B0 1 


10 — SEP — 2 007 

18:11: 47 

10 — SEP — 2 007 

18:22: 17 

Backed 

Up 

HDR, 0709 1 0_1 300.43 8 .B0 1 


10 — SEP — 2 007 

10:00: 43 

10 — SEP — 2 007 

18 : 11:45 

Backed 

Up 

HDR 0709 1 G_1 74 1 _1 4 0 .B0 1 


10 — SEP — 2 007 

17:41: 14 

10 — SEP — 2 007 

18:00:41 

Backed 

Up 

HDR _0709 1 G_1 729_58_4 .B0 1 


10 — SEP — 2 007 

17:29: 58 

10 — SEP — 2 007 

17:41: 12 

Backed 

Up 

HDR _0709 1 0_1 7 1 8_1 5_2 .B0 1 


10 — SEP — 2 007 

17 : 18 : 15 

10 — SEP — 2 007 

17:29: 56 

Backed 

Up 

HDR 0709 1 0_1 707_2 1 0 .B0 1 


10 — SEP — 2 007 

17:07:21 

10 — SEP — 2 007 

17 : 18 : 13 

Backed 

Up 
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Data Calculation 







Problems with SCAD A 


No authentication (Unencrypted Communication) 
No security patching 
Multiple access points 
Complex System 

Dependent on industries driven by profit, not 
security 



Mitigation Strategy 


• Security through obscurity 

- Poor defence against “structured adversary” 

• Isolated network 

-Unrealistic given today’s business demands 

• Communication encryption 

- Concerns over latency, reliability 

• Signal authentication 

- May provide good defence without the concerns 
associated with full signal encryption 



Ring of Defenses 


Network 

Attacks 


Corporate Network 
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SCADA Network 
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Steps for Enhancing SCADA security 


• Establish a robust network architecture. 

• Eliminate untrusted remote access points of entry. 

• Evaluate and deploy technology and approaches to 
enhance confidentiality, availability, and integrity. 

• Provide adequate support and training 

• Never become complacent !! © 



Last Words... 


SCADA systems are becoming more & more 
interconnected and more accessible to the same 
villains who attacks our IT networks. But the 
difference is comparable: losing e-mail is not the 
same as millions of gallons of water from a reservoir 
or an electrical blackout ! ! ! 



Thank You& Have a Good 


Time... 



